Trojan:MSIL/Zusy.PTHT!MTB removal tips

The Trojan:MSIL/Zusy.PTHT!MTB is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Trojan:MSIL/Zusy.PTHT!MTB virus can do?

Sample contains Overlay data
Authenticode signature is invalid
Binary compilation timestomping detected

How to determine Trojan:MSIL/Zusy.PTHT!MTB?


File Info:
name: F5DD1ED4C07168A5D594.mlw
path: /opt/CAPEv2/storage/binaries/f01f00c5f5981e160f8a8a00e167dfe32ef62b5fa3901e8d4fca9693fa04d1be
crc32: 46553F00
md5: f5dd1ed4c07168a5d5941b15656826ff
sha1: 25595c8d2a111166112f4ffdfb8a0a22072b787e
sha256: f01f00c5f5981e160f8a8a00e167dfe32ef62b5fa3901e8d4fca9693fa04d1be
sha512: c7906ad94287903934c108b701998a224a33a168e7336ea8a3d2d74b65289d08418243228cf829ed8d94310bb0abab9193771790e86e324fd8d5c715a555d2c1
ssdeep: 48:68aqppp9kMnT15T41sgPMLUgm4NMJkEi+pFNimCtiOlRcqFypfbNtmAAp:mKX19dWML+JjL/NWjszNtpy
type: PE32 executable (console) Intel 80386, for MS Windows
tlsh: T11FB1951153D88377EEA70B7298635B010675F7565CA7AFAC28D8627F6E137000923AA0
sha3_384: 02d9df834fd8bc8d2a9d22dfce06bd9ebb26d1fdd6633b54225e8c47f31fe4143bcabbfb93d870a3fd127a6b3cfb3f25
ep_bytes: ff250020400000000000000000000000
timestamp: 2098-01-06 04:26:54

Version Info:
Translation: 0x0000 0x04b0
Comments: 
CompanyName: 
FileDescription: 
FileVersion: 1.0.0.0
InternalName: Kmgbedfm.exe
LegalCopyright: Copyright ©  2021
LegalTrademarks: 
OriginalFilename: Kmgbedfm.exe
ProductName: 
ProductVersion: 1.0.0.0
Assembly Version: 1.0.0.0

Trojan:MSIL/Zusy.PTHT!MTB also known as:

Bkav	W32.AIDetectMalware.CS
Elastic	malicious (high confidence)
MicroWorld-eScan	Trojan.GenericKD.72484581
FireEye	Trojan.GenericKD.72484581
McAfee	Artemis!F5DD1ED4C071
Cylance	unsafe
Sangfor	Riskware.Msil.Knownbe.Vbfx
Alibaba	Trojan:MSIL/Generic.d2cd70e4
Symantec	ML.Attribute.HighConfidence
tehtris	Generic.Malware
ESET-NOD32	a variant of MSIL/Riskware.KnownBe4.G
Paloalto	generic.ml
BitDefender	Trojan.GenericKD.72484581
Avast	Win32:TrojanX-gen [Trj]
Rising	HackTool.KnownBe4!8.13A04 (CLOUD)
Emsisoft	Trojan.GenericKD.72484581 (B)
F-Secure	Trojan.TR/Agent.pzpxo
VIPRE	Trojan.GenericKD.72484581
Sophos	Mal/Generic-S
Ikarus	PUA.MSIL.Knownbe4
GData	Trojan.GenericKD.72484581
Google	Detected
Avira	TR/Agent.pzpxo
Varist	W32/MSIL_Agent.FXM.gen!Eldorado
Antiy-AVL	RiskWare/MSIL.KnownBe4
Kingsoft	malware.kb.c.677
Gridinsoft	Trojan.Win32.Agent.sa
Arcabit	Trojan.Generic.D45206E5
ZoneAlarm	Trojan.MSIL.Agent.gen
Microsoft	Trojan:MSIL/Zusy.PTHT!MTB
AhnLab-V3	Trojan/Win.Generic.C5455536
VBA32	TScope.Trojan.MSIL
ALYac	Trojan.GenericKD.72484581
Malwarebytes	Generic.Malware.AI.DDS
Tencent	Msil.Trojan.Agent.Icnw
MAX	malware (ai score=80)
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	Riskware/KnownBe4
AVG	Win32:TrojanX-gen [Trj]
DeepInstinct	MALICIOUS
alibabacloud	Trojan:MSIL/KnownBe4.G

How to remove Trojan:MSIL/Zusy.PTHT!MTB?

Trojan:MSIL/Zusy.PTHT!MTB removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X